-
Attempt
01 -
Marks Obtained
0 / 55 -
Your score
0.0% -
Time Taken
00 H 00 M 03 S -
Result
Failed
| No | Domain | Total Question | Correct | Incorrect | Unattempted | Marked as Review |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A company has setup a set of Virtual Machines in a network in Azure. They have connected the Virtual Network to their on-premise network using ExpressRoute. There is an issue with an application hosted on the Virtual Machines in the network. A team needs to inspect the packets flowing into the Virtual Machines.
The company decides to use Azure Advisor for the packet analysis
Would this fulfil the requirement?
Answer – B
Azure Advisor is a recommendations-based tool and can’t be used to perform the packet analysis.
For more information on Azure Advisor, please visit the below URL
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
A company has setup a set of Virtual Machines in a network in Azure. They have connected the Virtual Network to their on-premise network using ExpressRoute. There is an issue with an application hosted on the Virtual Machines in the network. A team needs to inspect the packets flowing into the Virtual Machines.
The company decides to use Azure Traffic Analytics for the packet analysis
Would this fulfil the requirement?
Answer – A
Azure Traffic Analytics is used for traffic monitoring and is the correct solution to this business scenario.
The Microsoft documentation mentions the following
For more information on Traffic Analysis, please visit the below URL
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
A company has setup a set of Virtual Machines in a network in Azure. They have connected the Virtual Network to their on-premise network using ExpressRoute. There is an issue with an application hosted on the Virtual Machines in the network. A team needs to inspect the packets flowing into the Virtual Machines.
The company decides to use Azure Traffic Manager for the packet analysis
Would this fulfil the requirement?
Answer – B
Azure Traffic Manager is a DNS based load balancing tool and can’t be used for the purpose of network capture.
For more information on Azure Traffic Manager, please visit the below URL
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
A company is planning on deploying an Azure Web App to 2 regions.
One of the key requirements is to ensure that the web app is always running if an Azure region fails. You need to ensure deployment costs are minimized.
Which of the following service would you include in the deployment of the solution?
Answer – B
You can use the Azure Traffic Manager to switch traffic over to a failover region. The Microsoft documentation mentions the following on the Azure Traffic Manager
Option A is incorrect since this is a compute service in Azure
Options C and D are incorrect since these services can’t be used in region failover scenarios
For more information on Azure Traffic Manager, please visit the below URL
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
A company is planning on deploying an Azure Web App to 2 regions.
One of the key requirements is to ensure that the web app is always running if the primary region fails. You need to ensure deployment costs are minimized.
Which of the following feature would be used to ensure failover in the service?
Answer – C
You can change the routing method for the Traffic Manager to the Priority routing method for implementing failover. The Microsoft documentation mentions the following on the routing method.
Options A and D are incorrect since these features are more pertinent to the Application gateway.
Option B is incorrect since the priority routing method needs to be used for the Azure Traffic Manager.
For more information on Azure Traffic Manager routing methods, please visit the below URL
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
A company currently has an on-premise network with an IP address space of 186.16.0.0/16. The company is going to deploy 20 Virtual machines to Azure. The Virtual machines will be placed in a subnet in an Azure virtual network. The requirement is to ensure the on-premise servers can communicate with the virtual machines hosted in Azure via a site-to-site VPN connection. You have to design the subnet for the virtual network in Azure which will be used to host the virtual machines.
Which of the following address space would you assign for the subnet in the Virtual Network?
Answer – C
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24. Also, if we look at the question it clearly mentions about having "20 VMs will be deployed in Azure". So taking this into consideration Option C is the correct answer, reason we get 256 IP addresses to work with.
A note on this is also given in the Microsoft documentation
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option D is incorrect since this address space should ideally be used for the gateway subnet
For more information on site-to-site VPN, please visit the below URL
A company currently has an on-premise network with an IP address space of 186.16.0.0/16. The company is going to deploy 20 Virtual machines to Azure. The Virtual machines will be placed in a subnet in an Azure virtual network. The requirement is to ensure the on-premise servers can communicate with the virtual machines hosted in Azure via a site-to-site VPN connection. You have to design the subnet for the virtual network in Azure which will be used to host the virtual machines.
Which of the following address space would you assign for the gateway subnet in the Virtual Network?
Answer – D
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24 for the subnet in the virtual network. And then use 192.168.1.0/28 as the address space for the gateway subnet.
The Microsoft documentation mentions the following on the gateway subnet
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option C is incorrect since this address space should ideally be used for the subnet to host the virtual machines.
For more information on site-to-site VPN, please visit the below URL
A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure
- The API must send data in JSON format to its internal users
- When external consultants access the API, the header information must be stripped before the data is received
What is the minimum number of API's that need to be added to Azure API management?
Answer – A
Since you just have one API, you can place that behind the API management instance
Because of this reasoning all other options are incorrect
For more information on creating an API management instance, please visit the below URL
https://docs.microsoft.com/en-us/azure/api-management/get-started-create-service-instance
A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure
- The API must send data in JSON format to its internal users
- When external consultants access the API, the header information must be stripped before the data is received
What is the minimum number of products to publish in Azure API management?
Answer – A
You can have one product that is published for the Internal development team. The Microsoft documentation mentions the following on products for API management
Because of this reasoning all other options are incorrect
For more information on the key concepts for API Management, please visit the below URL
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure
- The API must send data in JSON format to its internal users
- When external consultants access the API, the header information must be stripped before the data is received
What is the minimum number of policy elements that need to be added to the API?
Answer – B
You can have one policy element to ensure that XML data is transformed to JSON for the Internal users when it is published to Azure
Below is the policy statement given in the Microsoft documentation
And then you can have one policy element to set the header of the response, so that it is sent as per the requirement to external consultants
Below is the policy statement given in the Microsoft documentation
Because of this reasoning all other options are incorrect
For more information on API Management policies, please visit the below URL
https://docs.microsoft.com/en-us/azure/api-management/api-management-policies
A company currently has resources deployed to their on-premise network and to Azure AD. There is a requirement to ensure that the Azure AD tenant can only be managed from workstations on the on-premise network. Which of the following needs to be part of the implementation of this requirement?
Answer - B
This can be managed by conditional access policies ensuring that the Locations is set in the policy.
Since this is clear from the implementation, all other options are incorrect
For more information on conditional access, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
A team has an application that receives data from IoT based devices. The data is sent to CosmosDB which uses the SQL API. A notification needs to be sent when data is received from the IoT devices. Which of the following can be part of the implementation? Choose 2 answers from the options give below
Answer - A and C
You can use the CosmosDB connector for Azure Logic App to trigger a workflow when data is sent to CosmosDB. The Microsoft documentation mentions the following
You can use SendGrid to send emails from the Log App. The Microsoft documentation mentions the following
Options B and D are incorrect since you would need to use Azure Logic Apps to build a workflow
For more information on the connectors, please visit the below URL
https://docs.microsoft.com/en-us/connectors/documentdb/
https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sendgrid
A team has created a storage account in Azure. They also have the following object available in the storage account
In order to access the Sample.txt file, which of the following must be done first?
Answer – B
In order to access the BLOB, since it is in the archive access tier, you need to first change the access tier for the blob object. The Microsoft documentation mentions the following
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the storage tiers, please visit the below URL
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
A team has created a storage account in Azure. They also have the following object available in the storage account
Currently the Sample.txt file will be stored
Answer – B
The Microsoft documentation mentions that the object will be set at a lower storage cost.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the storage tiers, please visit the below URL
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
A company has the following on-premise data stores
- A Microsoft SQL Server 2012 database
- A Microsoft SQL Server 2008 database
The data needs to be migrated to Azure.
- Requirement 1 - The data in the Microsoft SQL Server 2012 database needs to be migrated to an Azure SQL database
- Requirement 2 - The data in a table in the Microsoft SQL Server 2008 database needs to be migrated to an Azure CosmosDB account that uses the SQL API
Which of the following should be used to accomplish Requirement1?
Answer – D
The Data Migration assistant can be used to migrate the data. It has support for various versions of Microsoft SQL Server as shown below
Option A is incorrect since this works with data in Azure storage accounts
Option B is incorrect since this is used for migration of data to CosmosDB
Option C is incorrect since this is used for building a gateway with the on-premise infrastructure
For more information on the data migration assistant, please visit the below URL
https://docs.microsoft.com/en-us/sql/dma/dma-overview?view=sql-server-2017
A company has the following on-premise data stores
- A Microsoft SQL Server 2012 database
- A Microsoft SQL Server 2008 database
The data needs to be migrated to Azure.
- Requirement 1 - The data in the Microsoft SQL Server 2012 database needs to be migrated to an Azure SQL database
- Requirement 2 - The data in a table in the Microsoft SQL Server 2008 database needs to be migrated to an Azure CosmosDB account that uses the SQL API
Which of the following should be used to accomplish Requirement2?
Answer – B
This tool can be used for migrating data onto CosmosDB. The Microsoft documentation mentions the following
Option A is incorrect since this works with data in Azure storage accounts
Option C is incorrect since this is used for building a gateway with the on-premise infrastructure
Option D is incorrect since this tool does not have support for CosmosDB
For more information on importing data into CosmoDB, please visit the below URL
https://docs.microsoft.com/en-us/azure/cosmos-db/import-data
Your team is planning on hosting an application that will be hosted on 2 virtual machines in Azure named demovm1 and demovm2. You have to load balance the traffic from the Internet to the Virtual Machines using one Azure Load balancer.
You need to recommend the minimum number of Public IP addresses that would be required
What is the minimum number of Public IP addresses that would be required for the Load Balancer?
Answer – B
You would just need one Public IP address assigned to the Load Balancer. If you look at the example give in the Microsoft documentation on the public load balancer, you can see that the request comes from the clients to the public IP and port of the load balancer
Since this is a clear concept of the Load balancer, all other options are incorrect
For more information on the concepts of the load balancer, please visit the below URL
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Your team is planning on hosting an application that will be hosted on 2 virtual machines in Azure named demovm1 and demovm2. You have to load balance the traffic from the Internet to the Virtual Machines using one Azure Load balancer.
You need to recommend the minimum number of Public IP addresses that would be required
What is the minimum number of Public IP addresses that would be required for demovm1?
Answer – A
When the request is directed from the load balancer to the back end virtual machine, it is made to the Private IP address of the backend virtual machine. This is why you don’t need to have a public IP address assigned to the Virtual Machine. This is also given in the Microsoft documentation
Since this is a clear concept of the Load balancer, all other options are incorrect
For more information on the concepts of the load balancer, please visit the below URL
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Your team is planning on hosting an application that will be hosted on 2 virtual machines in Azure named demovm1 and demovm2. You have to load balance the traffic from the Internet to the Virtual Machines using one Azure Load balancer.
You need to recommend the minimum number of Public IP addresses that would be required
What is the minimum number of Public IP addresses that would be required for demovm2?
Answer – A
When the request is directed from the load balancer to the back end virtual machine, it is made to the Private IP address of the backend virtual machine. This is why you don’t need to have a public IP address assigned to the Virtual Machine. This is also given in the Microsoft documentation
Since this is a clear concept of the Load balancer, all other options are incorrect
For more information on the concepts of the load balancer, please visit the below URL
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
A company wants to run a series of tasks using the Azure Batch service. They have the following key requirements
- Large-scale parallel execution of Azure Batch jobs.
- Minimize costs to run the solution
Which of the following would you consider implementing for the Virtual Machines for running the Batch jobs?
Answer – C
The Azure Batch service already gives you the capability of running processes in parallel. If you want to ensure minimum costs for your solution, then you can consider using low priority nodes.
Option A is incorrect since this is not supported as per the Microsoft documentation as given below
Option B is incorrect since this is used if you have tightly coupled workloads that need to run on the Azure Batch service.
Option D is incorrect since this is used if you have unpredictable workloads to run in Azure.,
For more information on an example of using the Azure Batch service, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/batch/tutorial-parallel-dotnet
A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.
You need to provide recommendations on what certificates are required for the deployment
Which of the following needs to be setup on the Personal certificate store on each laptop?
Correct Answer: C
Explanation:
At Server: need to install "Root Certificate having public Key" normally *.crt file
At Client Computer: need to install "Client Certificate having Private key"
Point-to-Site certificate authentication connections require the following prerequisites:
- A Dynamic VPN gateway.
- The public key (.cer file) for a root certificate, which is uploaded to Azure. This key is considered a trusted certificate and is used for authentication
- A client certificate generated from the root certificate, and installed on each client computer that will connect. This certificate is used for client authentication
- A VPN client configuration package must be generated and installed on every client computer that connects. The client configuration package configures the native VPN client that's already on the operating system with the necessary information to connect to the VNet
Point-to-Site connections don't require a VPN device or an on-premises public-facing IP address. The VPN connection is created over SSTP (Secure Socket Tunneling Protocol). On the server side, we support SSTP versions 1.0, 1.1, and 1.2. The client decides which version to use. For Windows 8.1 and above, SSTP uses 1.2 by defaul
Detail explanation at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.
You need to provide recommendations on what certificates are required for the deployment
Which of the following needs to be setup on the Computer Personal store on each laptop?
Answer – C
The user’s personal store will have the user certificate that has the private key.
For more information on point to site connections, please go ahead and visit the below URL
A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.
You need to provide recommendations on what certificates are required for the deployment
Which of the following needs to be setup in the Azure VPN gateway?
Answer – B
This is mentioned in the Microsoft documentation as one of the steps in setting up a point to site connection.
Since this is clearly mentioned, all other options are incorrect
For more information on point to site connections, please go ahead and visit the below URL
A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.
You need to recommend which tables need to be queried for security related queries.
Which of the following would you query for events from Windows Event Logs?
Answer – C
This is also given in the Microsoft documentation, wherein you would use the Event Table for the queries on events from Windows Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from windows virtual machines, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.
You need to recommend which tables need to be queried for security related queries.
Which of the following would you query for events from Linux system logging?
Answer – D
This is also given in the Microsoft documentation, wherein you would use the Syslog Table for the queries on events from Linux Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from linux virtual machines, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Your company needs to generate a monthly report to determine the what, who, and when for any write operations on all resources that were deployed to the Azure subscription. Which of the following would help achieve this requirement?
Answer – B
You can actually go to the
1) Activity Logs section in Azure Monitor
2) Choose the timespan for the time period required
3) Download the report as CSV
Since this is clear from the implementation, all other options are incorrect
For more information on Activity logs, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-logs-overview
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
- Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
- Give the ability to visualize the relationships between application components
- Give the ability to track requests and exceptions to specific lines of code from within the application
- Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value
Which of the following service would be best suited for fulfilling the requirement of
“Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data”
Answer – C
You can send data about the application and resource usage to Azure Log Analytics. You can then build queries on the stored data.
For more information on Azure Log Analytics, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-viewdata
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
- Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
- Give the ability to visualize the relationships between application components
- Give the ability to track requests and exceptions to specific lines of code from within the application
- Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value
Which of the following service would be best suited for fulfilling the requirement of
“Give the ability to visualize the relationships between application components”
Answer – A
question is talking about "application would be hosted using Azure Web apps"
Means PaaS service.
A. Azure Application Insights
This can be applied to PaaS and hence correct answer
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
B. Azure Service Map
This can be applied to IaaS. Our requirement is for Web App which is not IaaS
Microsoft Azure introducted a new service called Service Map, which is a tool that enables us to map all communication flow to and from a monitored server.
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map
C. Azure Log Analytics
This is good for Analysis of Logs of the component bit not for ability to visualize.
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
D. Azure Activity Log
Activity Log is storing the data what activity done in Azure Portal or by CLI or PowerShell on a particular Service. Hence this is wrong
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
- Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
- Give the ability to visualize the relationships between application components
- Give the ability to track requests and exceptions to specific lines of code from within the application
- Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value
Which of the following service would be best suited for fulfilling the requirement of
“Give the ability to track requests and exceptions to specific lines of code from within the application”
Answer – A
This feature is part of the Application Insights tool. An example of this is given in the Microsoft documentation
You can use the CodeLens feature in Application Insights to get a deep dive look into exceptions at the code level. An example from the Microsoft documentation is given below
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the CodeLens feature, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/app/visual-studio-codelens
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
- Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
- Give the ability to visualize the relationships between application components
- Give the ability to track requests and exceptions to specific lines of code from within the application
- Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value
Which of the following service would be best suited for fulfilling the requirement of
“Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value”
Answer – A
This feature is part of the Application Insights tool. An example of this is given in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the retention feature of Application Insights, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/app/usage-retention
A company is setting up the required privileges for users in their Azure AD tenant. They need to assign a group of users with the below mentioned privileges
- The users should be able to manage virtual networks
- They should not be allowed to manage role assignments
You need to ensure the right role is assigned based on the least privilege access.
You decide to provide the Owner role to the group
Would this fulfil the requirement?
Answer – B
This would also allow the users to have the ability to manage all resources and this would provide too many privileges. Below is a snippet from the Microsoft documentation on the permissions for the role
For more information on in-built roles, please visit the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
A company is setting up the required privileges for users in their Azure AD tenant. They need to assign a group of users with the below mentioned privileges
- The users should only be able to manage virtual networks
- They should not be allowed to manage role assignments
You need to ensure the right role is assigned based on the least privilege access.
You decide to provide the Contributor role to the group
Would this fulfil the requirement?
Answer - B
This would also allow the users to have the ability to manage all resources and this would provide too many privileges. Below is a snippet from the Microsoft documentation on the permissions for the role
For more information on in-built roles, please visit the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
A company is setting up the required privileges for users in their Azure AD tenant. They need to assign a group of users with the below mentioned privileges
- The users should be able to manage virtual networks
- They should not be allowed to manage role assignments
You need to ensure the right role is assigned based on the least privilege access.
You decide to provide the Network Contributor role to the group
Would this fulfil the requirement?
Answer – A
Yes, this is the ideal role which allows users to manage virtual networks but does not give them the access to manage role assignments. Below is a snippet from the Microsoft documentation on the permissions for the role
For more information on in-built roles, please visit the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
A company is planning to migrate an on-premise application to Azure. One component of the application is a windows native application that would be used to perform image processing. It needs to be ensured that when the component is not running, no Azure compute resources are consumed. You need to also ensure that the image processing application runs every hour.
You decide to use Azure Web Jobs for the implementation
Would this fulfil the requirement?
Answer - B
Azure Web jobs are used along with Azure Web Apps for performing background tasks. Here there is no mention of the application being a web application, so using Azure Web job would not be practical.
For more information on Azure Web Jobs, please visit the below URL
https://docs.microsoft.com/en-us/azure/app-service/webjobs-create
A company is planning to migrate an on-premise application to Azure. One component of the application is a windows native application that would be used to perform image processing. It needs to be ensured that when the component is not running, no Azure compute resources are consumed. You need to also ensure that the image processing application runs every hour.
You decide to use Azure Functions for the implementation
Would this fulfil the requirement?
Answer – A
This would fulfil the requirement. So Azure Functions can run as part of the Consumption plan wherein they only consume resources when they are run.
For more information on Azure Functions, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview
A company is planning to migrate an on-premise application to Azure. One component of the application is a windows native application that would be used to perform image processing. It needs to be ensured that when the component is not running, no Azure compute resources are consumed. You need to also ensure that the image processing application runs every hour.
You decide to use Azure Logic App for the implementation
Would this fulfil the requirement?
Answer – B
Azure Logic Apps does perform the task, provided if recurrence triggres is used. Since, it's not mentioned in the question the answer is No..
For more information on Azure Logic Apps, please visit the below URL
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
Note - We can run recurring automated tasks, processes and workflows with Azure Logic Apps on a schedule by creating a logic app workflow that starts with a built-in Recurrence triggre or Sliding Window triggre. Refer the link to know further.
A company currently has a Web application deployed in classic ASP. The application makes use of third-party DLL's. The deployment process for the application is too prone to errors and scaling and high availability are always issues.
You need to devise an approach to modernize the application that could be deployed to Azure and also ensure deployment and administrative overheads are reduced.
Which of the following would you use as the Modernization approach?
Answer – D
The ideal approach for modernization of applications is to use Containers. And then to run in the cloud, you can use Azure Container Services. The Microsoft documentation mentions the following on Azure Container Instances
Option A is incorrect since this is more of a workflow-based service
Option B is incorrect since is a compute service that ideally should not run web-based applications
Option C is incorrect since this just ports the application but does not present a modern approach to application design
For more information on Azure Container instances, please visit the below URL
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview
A company currently has a Web application deployed in classic ASP. The application makes use of third-party DLL's. The deployment process for the application is to prone to errors and scaling and high availability are always issues.
You need to devise an approach to modernize the application that could be deployed to Azure and also ensure deployment and administrative overheads are reduced.
Which of the following would you recommend as the deployment approach?
Answer – C
You should package your application into containers which can then be deployed onto Azure
For more information on an example of building a container image, please visit the below URL
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-tutorial-prepare-app
A team needs to deploy an application onto Azure. The application will be used to perform intensive and long compute calculations. You need to deploy the solution to Azure. Below are the key requirements
- Ensure every compute node can communicate with each other
- Maximize the number of nodes to perform the computations faster
- Least amount of effort to implement the entire solution
Which of the following would you use as the service for hosting the solution?
Answer – D
The ideal solution to use for this is the Azure Batch Service. The Microsoft documentation mentions the following
Options A and B are incorrect since these are load balancing solutions
Option C is incorrect since this should be used for applications that need to scale on demand
For more information on the Azure Batch service, please visit the below URL
https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview
A team needs to deploy an application onto Azure. The application will be used to perform intensive and long compute calculations. You need to deploy the solution to Azure. Below are the key requirements
- Ensure every compute node can communicate with each other
- Maximize the number of nodes to perform the computations faster
- Least amount of effort to implement the entire solution
Which of the following would you implement within the service?
Answer – B
Since we are going to be using the Azure Batch Service to run the workloads, we need to ensure the tasks run in parallel. The Microsoft documentation mentions the following
Since this is the only ideal approach, all other options are incorrect
For more information on the Azure Batch service, please visit the below URL
https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview
The IT Security department has the requirement to ensure they get notified if there are any changes made to the configuration of the underlying Virtual Machines. A workflow needs to be designed for this requirement. Which of the following would you use for this purpose?
Answer – C
If you are looking at creating workflows, then you have to use Azure Logic Apps
The Microsoft documentation additionally mentions the following
Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.
Option A is incorrect since this is used for notifications
Option B is incorrect since this is used for listening to events emitted by Azure resources
Option D is incorrect since this is used to work with Azure queues and topics
For more information on Azure Logic Apps, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
Which of the following service would you use to fulfil the below case study requirement
“The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB”
Answer – C
You would use the Azure File service which can be used to work with shares via the SMB protocol
Option A is incorrect since this is used for Object level storage
Option B is incorrect since this is used for backup and recovery purposes
Option D is incorrect since this is used for hosting tables in Azure
For more information on Azure Files, please go ahead and visit the below URL
You need to comply with the below case study requirement
“There should be an encrypted connection between the On-premise data centre and the Virtual Network whizlabs-net2”
You decide to provision a point to site VPN connection
Would this fulfil the requirement?
Answer – B
Point to site connections are used when you want to connect to an Azure Virtual Network from workstation PC’s
For more information on point to site VPN connections, please go ahead and visit the below URL
You need to comply with the below case study requirement
“There should be an encrypted connection between the On-premise data centre and the Virtual Network whizlabs-net2”
You decide to implement Virtual Network Peering
Would this fulfil the requirement?
Answer – B
Virtual Network peering is used to connect multiple virtual networks together
For more information on Virtual Network Peering, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
You need to comply with the below case study requirement
“There should be an encrypted connection between the On-premise data centre and the Virtual Network whizlabs-net2”
You decide to implement a site-to-site VPN Connection.
Would this fulfil the requirement?
Answer – A
This is the ideal and correct way to connect an Azure Virtual Network with an on-premise data center. The Microsoft documentation mentions the following
For more information on site to site VPN connections, please go ahead and visit the below URL
You need to decide on the implementation strategy for the synchronization of user passwords between the on-premise AD and the Azure AD tenant. You need to ensure that the sign-in is completely managed in the cloud. The company currently does not have the need to apply any policies from their on-premise AD for the authentication process. Which of the following would you consider for the configuration of the synchronization?
Answer – A
A clear diagram on the decision for the type of synchronization to choose is given in the Microsoft documentation as shown below
Based on the decision tree we have to choose “Password Hash Sync” as the option and hence all other options are incorrect
For more information on choosing the right authentication mechanism, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
A company is developing an application that will be hosted using the Azure Kubernetes Service. The application modules need to transmit files to a destination location and must make use of an encryption key for the encryption of the files before transmission. Which of the following will be used for managing the storage of the encryption keys?
Answer – A
In order to store encryption keys in this scenario, we work with Azure Key Vault.
- Keys are stored in a vault and invoked by URI when needed.
- Keys are safeguarded by Azure, using industry standard algorithims, key lengths, and hardware security modules.
- Keys are processed in HSMs that reside in the same Azure datacenters as the applications.
To know how, do refer the following link.
https://github.com/Azure/acs-engine/blob/master/docs/kubernetes/features.md#azure-key-vault-data-encryption
A company is planning on deploying a stateless based application based on microservices using the Azure Service Fabric service. You need to design the infrastructure that would be required in the Azure Service Fabric service. Which of the following should you consider? Choose 2 answers from the applications given below
Answer – A and B
The Microsoft documentation specifies what are the Service Fabric cluster capacity planning considerations
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on the cluster capacity for Azure Service Fabric, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity
A company currently has the following systems running on their on-premise environment
- An ASP.Net application running on Internet Information Services
- A MongoDB database
The company wants to migrate the systems onto Azure. They want to ensure to use managed services to reduce the administrative overhead. They want to minimize the time for migration as well and also reduce costs wherever possible.
Which of the following Azure service would you use for the ASP.Net application?
Answer – C
The ideal service to use is the Azure Web App in the Azure App Service. The Microsoft documentation mentions the following
Options A and D are incorrect since these would less cost effective and not a managed service
Option B is incorrect since this is used for running small pieces of code or functions on Azure cloud
For more information on the Azure App service, please go ahead and visit the below URL
A company currently has the following systems running on their on-premise environment
- An ASP.Net application running on Internet Information Services
- A MongoDB database
The company wants to migrate the systems onto Azure. They want to ensure to use managed services to reduce the administrative overhead. They want to minimize the time for migration as well and also reduce costs wherever possible.
Which of the following Azure service would you use for the MongoDB database?
Answer – A
You can use the MongoDB API which is available as part of CosmosDB
The Microsoft documentation mentions the following
Options B and D are incorrect since these are SQL based data stores
Option C is incorrect since this would less cost effective and not a managed service
For more information on CosmosDB and the MongoDB API, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-introduction
A company needs to create a storage account as shown below
The storage account must meet the following requirements
- Ensure that the documents can be stored in the storage account
- The documents must be made accessible via drive mappings from Azure virtual machines that run Windows Server 2016.
- Provide the highest possible redundancy for the documents.
- Minimize storage access costs.
Objective - Design an infrastructure strategy
Which of the following would you choose for the performance of the Storage account?
Answer – A
You have to use the Standard performance tier. The premium tier only allows storage of Page BLOB’s.
In the below diagram you can see that if we choose Premium as the Performance option, we will have no option for files shares. And that is the main requirement. File shares allow to have drive mappings from Azure Virtual Machines.
Since this is clear from the implementation, all other options are incorrect
For more information on Azure storage accounts, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
A company needs to create a storage account as shown below
The storage account must meet the following requirements
- Ensure that the documents can be stored in the storage account
- The documents must be made accessible via drive mappings from Azure virtual machines that run Windows Server 2016.
- Provide the highest possible redundancy for the documents.
- Minimize storage access costs.
Which of the following would you choose for the Account kind?
Answer – B
If you need to use a storage account to host file shares, the consider General Purpose v2 which has support for Page BLOB’s. Microsoft recommends this storage account kind which has more features than General Purpose v2.
In the Azure portal, you would configure this as shown below
Since this is clear from the implementation, all other options are incorrect
For more information on Azure storage accounts, please go ahead and visit the below URL
A company needs to create a storage account as shown below
The storage account must meet the following requirements
- Ensure that the documents can be stored in the storage account
- The documents must be made accessible via drive mappings from Azure virtual machines that run Windows Server 2016.
- Provide the highest possible redundancy for the documents.
- Minimize storage access costs.
Which of the following would you choose for the replication?
Answer – C
Please refer to
https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction#redundancy
Redundancy
In order to ensure that your data is durable, Azure Storage replicates multiple copies of your data. When you set up your storage account, you select a redundancy option.
Replication options for a storage account include:
- Locally-redundant storage (LRS): A simple, low-cost replication strategy. Data is replicated within a single storage scale unit.
- Zone-redundant storage (ZRS): Replication for high availability and durability. Data is replicated synchronously across three availability zones.
- Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
- Read-access geo-redundant storage (RA-GRS): Cross-regional replication with read access to the replica.
Means redundancy of RA-GRS and GRS: both has same but availability of data is more in RA-GRS than GRS.
in GRS, in case of region failure, data is unavailable till Microsoft trigger failover
but in case of RA-GRS: Data for read-only, is available from secondary region all the time
Since question is also talking about "Minimize cost and as we know cost of GRS is comparatively lower than RA-GRS.
Now please refer to
?
A testing team needs to create resources in an Azure subscription.
These resources will be pertinent to applications that ned to be tested in Azure. These applications will make use of shared resources and application specific resources.
You have to create a deployment solution that meets the following requirements
- Minimize the administrative effort for the testing team to create the application environment
- Ensure that the application environment can be created consistency multiple times
- When the testing of the application is complete, all resources except for the shared resources should be deleted
Which of the following should be used to implement this requirement?
Answer – A
The ideal solution is to use Template deployment. Below is why Microsoft recommends a template deployment.
Also ensure separate resource group deployments. So, when the application needs to be deleted, you can just delete the resource group, so that all resources in the resource group get deleted.
Option B is incorrect since you should deploy shared resources and application specific resources to separate resources groups
Options C and D are incorrect since you should use JSON based templates for deployment
For more information on Resources Groups, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
A company currently has an Azure account and subscription. They want to host an application using Virtual Machines and a load balancer. There is a requirement to ensure that the application is made available 99.99% of the time. Which of the following would need to be in place? You also have to minimize costs associated with the solution. Choose 2 answers from the options given below
Answer – B and C
This is clearly mentioned in the Microsoft documentation
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on the SLA for the Load balancer, please go to the below URL
https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/